Commit Graph

436 Commits

Author SHA1 Message Date
Daniel Nephin aa07128f46 Merge pull request #9259 from hashicorp/dnephin/doc-streaming-experimental
docs: mark streaming as experimental
2020-11-23 21:14:12 +00:00
Daniel Nephin 39b2a30c56 Merge pull request #9259 from hashicorp/dnephin/doc-streaming-experimental
docs: mark streaming as experimental
2020-11-23 21:14:08 +00:00
Freddy ff5215d882 Require operator:write to get Connect CA config (#9240)
A vulnerability was identified in Consul and Consul Enterprise (“Consul”) such that operators with `operator:read` ACL permissions are able to read the Consul Connect CA configuration when explicitly configured with the `/v1/connect/ca/configuration` endpoint, including the private key. This allows the user to effectively privilege escalate by enabling the ability to mint certificates for any Consul Connect services. This would potentially allow them to masquerade (receive/send traffic) as any service in the mesh.

--

This PR increases the permissions required to read the Connect CA's private key when it was configured via the `/connect/ca/configuration` endpoint. They are now `operator:write`.
2020-11-23 06:27:20 -07:00
Sabeen Syed b82317d506 Update NIA architecture image (#9180) 2020-11-23 07:49:22 +00:00
Sabeen Syed 97b26f19c7 Update NIA architecture image (#9180) 2020-11-23 07:49:17 +00:00
Kit Patella fe6ef7e414 Merge pull request #9245 from hashicorp/telemetry/fix-missing-and-stale-docs
Telemetry/fix missing and stale docs
2020-11-20 20:55:51 +00:00
Kit Patella 6e607d7cd3 Merge pull request #9245 from hashicorp/telemetry/fix-missing-and-stale-docs
Telemetry/fix missing and stale docs
2020-11-20 20:55:45 +00:00
Freddy 4e44341d36 Require operator:write to get Connect CA config (#9240)
A vulnerability was identified in Consul and Consul Enterprise (“Consul”) such that operators with `operator:read` ACL permissions are able to read the Consul Connect CA configuration when explicitly configured with the `/v1/connect/ca/configuration` endpoint, including the private key. This allows the user to effectively privilege escalate by enabling the ability to mint certificates for any Consul Connect services. This would potentially allow them to masquerade (receive/send traffic) as any service in the mesh.

--

This PR increases the permissions required to read the Connect CA's private key when it was configured via the `/connect/ca/configuration` endpoint. They are now `operator:write`.
2020-11-19 16:50:17 -07:00
R.B. Boyer 140c220131
[1.9.0] command: when generating envoy bootstrap configs use the datacenter returned from the agent services endpoint (#9230)
Manual backport of #9229 into 1.9.0 branch

Fixes #9215
2020-11-19 15:33:41 -06:00
R.B. Boyer 32f6d17e5d command: when generating envoy bootstrap configs use the datacenter returned from the agent services endpoint (#9229)
Fixes #9215
2020-11-19 21:28:09 +00:00
Freddy 5137e4501d Require operator:write to get Connect CA config (#9240)
A vulnerability was identified in Consul and Consul Enterprise (“Consul”) such that operators with `operator:read` ACL permissions are able to read the Consul Connect CA configuration when explicitly configured with the `/v1/connect/ca/configuration` endpoint, including the private key. This allows the user to effectively privilege escalate by enabling the ability to mint certificates for any Consul Connect services. This would potentially allow them to masquerade (receive/send traffic) as any service in the mesh.

--

This PR increases the permissions required to read the Connect CA's private key when it was configured via the `/connect/ca/configuration` endpoint. They are now `operator:write`.
2020-11-19 17:15:17 +00:00
Kit Patella b2a6b9d5c7 Merge pull request #9091 from scellef/correct-upgrade-guide
Correcting text on when default was changed in Consul
2020-11-19 00:55:56 +00:00
Kit Patella f3380b1c43 Merge pull request #9091 from scellef/correct-upgrade-guide
Correcting text on when default was changed in Consul
2020-11-19 00:55:51 +00:00
Mike Morris c2c8528073 website: update download callout for v1.9.0-rc1 2020-11-18 18:38:06 -05:00
Mike Morris 54fcfec78c Merge branch 'stable-website' into website/1.9.0-rc1 2020-11-18 18:35:01 -05:00
Matt Keeler dfaaa0b73a Refactor to call non-voting servers read replicas (#9191)
Co-authored-by: Kit Patella <kit@jepsen.io>
2020-11-17 15:54:38 +00:00
Matt Keeler aa45e343b5 [docs] Change links to the DNS information to the right place (#8675)
The redirects were working in many situations but some (INTERNALS.md) was not. This just flips everything over to using the real link.
2020-11-17 15:03:32 +00:00
Matt Keeler 1f0007d3f3 [docs] Change links to the DNS information to the right place (#8675)
The redirects were working in many situations but some (INTERNALS.md) was not. This just flips everything over to using the real link.
2020-11-17 15:03:27 +00:00
Luke Kysow 35191ac381 Docs for upgrading to CRDs (#9176)
* Add Upgrading to CRDs docs
2020-11-13 23:20:11 +00:00
Luke Kysow 9050263072 Docs for upgrading to CRDs (#9176)
* Add Upgrading to CRDs docs
2020-11-13 23:20:07 +00:00
Kyle Schochenmaier 4142a8b86a Docs: for consul-k8s health checks (#8819)
* docs for consul-k8s health checks

Co-authored-by: Derek Strickland <1111455+DerekStrickland@users.noreply.github.com>
Co-authored-by: Ashwin Venkatesh <ashwin@hashicorp.com>
Co-authored-by: Iryna Shustava <ishustava@users.noreply.github.com>
Co-authored-by: Luke Kysow <1034429+lkysow@users.noreply.github.com>
2020-11-12 22:57:09 +00:00
Kyle Schochenmaier ba82eab3fb Docs: for consul-k8s health checks (#8819)
* docs for consul-k8s health checks

Co-authored-by: Derek Strickland <1111455+DerekStrickland@users.noreply.github.com>
Co-authored-by: Ashwin Venkatesh <ashwin@hashicorp.com>
Co-authored-by: Iryna Shustava <ishustava@users.noreply.github.com>
Co-authored-by: Luke Kysow <1034429+lkysow@users.noreply.github.com>
2020-11-12 22:57:05 +00:00
Nitya Dhanushkodi 246bb7123e Merge pull request #9179 from hashicorp/ndhanushkodi-patch-1
Update Helm compatibility matrix
2020-11-12 22:55:06 +00:00
Nitya Dhanushkodi b6459fe725 Merge pull request #9179 from hashicorp/ndhanushkodi-patch-1
Update Helm compatibility matrix
2020-11-12 22:55:02 +00:00
R.B. Boyer f815014432 agent: return the default ACL policy to callers as a header (#9101)
Header is: X-Consul-Default-ACL-Policy=<allow|deny>

This is of particular utility when fetching matching intentions, as the
fallthrough for a request that doesn't match any intentions is to
enforce using the default acl policy.
2020-11-12 16:39:16 +00:00
Paul Banks b4cb9155d8
Update ui-visualization.mdx 2020-11-12 15:53:51 +00:00
Matt Keeler 1f4da2ae9d Add a CLI command for retrieving the autopilot configuration. (#9142) 2020-11-11 18:19:32 +00:00
Mike Morris 9c989fef4d
Merge pull request #9155 from hashicorp/release/1.9.0-beta3
merge: 1.9.0-beta3
2020-11-11 12:55:23 -05:00
Joel Watson 85595ab3ea docs: add warning in 0.9.0 upgrade notes 2020-11-11 14:24:45 +00:00
Mike Morris e34b7d0b1b website: update callout to 1.9.0-beta3 2020-11-09 16:16:34 -05:00
Matt Keeler f2dee21aca Add some autopilot docs and update the changelog (#9139) 2020-11-09 19:15:12 +00:00
Matt Keeler 8539565046 Merge pull request #9103 from hashicorp/feature/autopilot-mod
Switch to using the external autopilot module
2020-11-09 16:30:48 +00:00
Mike Morris 4f1d2a1c56 chore: upgrade to gopsutil/v3 (#9118)
* deps: update golang.org/x/sys

* deps: update imports to gopsutil/v3

* chore: make update-vendor
2020-11-07 01:49:01 +00:00
Paul Banks ec31918507 UI Metrics documentation (#9048)
* UI Metrics documentation

* Update website/pages/docs/connect/observability/ui-visualization.mdx

* Fix some review comments

* Fix review comments

* Apply suggestions from code review

Co-authored-by: R.B. Boyer <rb@hashicorp.com>

Co-authored-by: R.B. Boyer <rb@hashicorp.com>
2020-11-06 20:33:08 +00:00
Kim Ngo 7489cacb52 Fix NIA doc links (#9110)
fix config link and anchor
2020-11-05 19:37:18 +00:00
Kim Ngo a9af74d339 docs: Add links in CTS docs for the community to get involved (#9060) 2020-10-29 15:09:41 +00:00
Daniel Nephin 7b9ee25956
Merge pull request #9026 from hashicorp/dnephin/streaming-without-cache-query-param
streaming: rename config and remove requirement for cache=1
2020-10-28 12:33:25 -04:00
Daniel Nephin 62c9124011 docs: Add the new metrics to telemetry.mdx 2020-10-27 16:49:50 -04:00
Kevin Pruett 5637683f5d
Merge pull request #9021 from hashicorp/pruett.alertbanner-exp
Expose `expirationDate` prop in <AlertBanner/>
2020-10-26 16:08:23 -04:00
Kim Ngo 47009930a2
NIA: add Terraform version compatibility (#9023) 2020-10-26 09:46:34 -05:00
Daniel Nephin 853667e7d8 health: change the name of UseStreamingBackend config
Remove it from the cache section, and update the docs.
2020-10-23 17:47:01 -04:00
Kevin Pruett 6a946ec6e4
Expose `expirationDate` prop in <AlertBanner/> 2020-10-23 11:19:41 -04:00
James Light 5b10046418
Update managed-deprecated.mdx (#9016)
fix typo / spell checker replacing w/ wrong word
2020-10-23 10:54:16 -04:00
R.B. Boyer a2c50d3303
connect: add support for envoy 1.16.0, drop support for 1.12.x, and bump point releases as well (#8944)
Supported versions will be: "1.16.0", "1.15.2", "1.14.5", "1.13.6"
2020-10-22 13:46:19 -05:00
Kim Ngo 8ffebeb793
NIA: document daemon exiting on task errors (#8985) 2020-10-22 13:22:55 -05:00
Blake Covarrubias 0c6d1ff3c9
Add extraEnvironmentVars and client.affinity to Helm values (#8997)
Document client.extraEnvironmentVars, server.extraEnvironmentVars, and
client.affinity Helm chart values.

Remove deprecated connectInject.imageEnvoy and meshGateway.imageEnvoy
values.
2020-10-21 23:28:39 -07:00
Blake Covarrubias bdd5e1e2a8 docs: Remove sentence about pluggable CAs
Consul's Connect CA documentation mentions future releases will
support a pluggable CA system. This sentence has existed in the docs
for over two years, however there are currently no plans to develop
this feature on the near-term roadmap.

This commit removes this sentence to avoid giving the impression that
this feature will be available in an upcoming release.
2020-10-20 11:51:22 -07:00
Sabeen Syed 37cfa479d8
Update links (#8949) 2020-10-19 14:38:10 -05:00
Sabeen Syed a3f8aa20dd
Add A10 and Checkpoint TF modules (#8950) 2020-10-15 16:11:09 -05:00
Luke Kysow 812fe06d6c
Update to CRD docs (#8956)
* Update to CRD docs

* Update website/pages/docs/k8s/crds.mdx

* Modify proxy default and service default protocols

Carry over from previous PR that I forgot to submit a review/suggestion to, TCP and HTTP are not valid protocols for Proxy Defaults and Service Defaults

kubectl apply -f sdefault.yml
Error from server: error when creating "sdefault.yml": admission webhook "mutate-servicedefaults.consul.hashicorp.com" denied the request: servicedefaults.consul.hashicorp.com "your-service-name" is invalid: spec.expose.paths[0].protocol: Invalid value: "tcp": must be one of "http", "http2"


kubectl apply -f sdefault.yml
Error from server: error when creating "sdefault.yml": admission webhook "mutate-servicedefaults.consul.hashicorp.com" denied the request: servicedefaults.consul.hashicorp.com "your-service-name" is invalid: spec.expose.paths[0].protocol: Invalid value: "tcp": must be one of "http", "http2"

Co-authored-by: David Yu <dyu@hashicorp.com>
2020-10-15 10:35:26 -07:00
Kit Patella dc8beffb48 truncate jepsen.mdx log for length 2020-10-14 13:13:38 -07:00
R.B. Boyer f0d47ded95
docs: all intention documentation updates (#8869) 2020-10-14 10:23:05 -05:00
Preetha 891c4026c1
Merge pull request #8920 from hashicorp/crd-docs
CRD Docs
2020-10-14 09:42:45 -05:00
Luke Kysow 3ba38fb4be
CRD docs 2020-10-13 17:00:24 -07:00
Luke Kysow bfcd9a5ee3
Recommend using vault token auto-renew in 1.8.5 (#8945) 2020-10-13 16:18:19 -07:00
Peter M 05665e0b84
Add files via upload
updating logo grid image
2020-10-13 15:16:34 -07:00
Kyle Havlovitz 659c4fa941
Merge pull request #8943 from hashicorp/vault-renew-docs
docs: Add a note about auto-renewing the Vault token
2020-10-13 14:36:44 -07:00
Mike Morris 1b2518a358
website: add v1.9.0-beta1 download callout (#8939) 2020-10-13 17:33:49 -04:00
Kyle Havlovitz 2b0713b34d docs: Add a note about auto-renewing the Vault token 2020-10-13 14:25:42 -07:00
Paul Banks f1fd722b81
Add ui metrics config docs (#8921)
* Add ui metrics docs

* Update website/pages/docs/agent/options.mdx

Co-authored-by: R.B. Boyer <rb@hashicorp.com>

Co-authored-by: R.B. Boyer <rb@hashicorp.com>
2020-10-13 22:11:12 +01:00
Sabeen Syed 52498e8d27
Remove email address (#8931) 2020-10-13 13:16:06 -05:00
Kim Ngo fa76fb40f6
Add docs on what activates task execution (#8936) 2020-10-13 11:47:30 -05:00
Lorna Song 1b4d76da52 Update Requirements doc: Terraform module links
Update "Using Terraform Modules" with latest module links from partners
2020-10-13 09:26:39 -06:00
Brandon Romano d39830a667 Plugs in proper links for NIA page 2020-10-12 20:39:34 -07:00
Brandon Romano 2f4f93a383 Fix failed build 2020-10-12 19:38:43 -07:00
Peter M cb84904afb Update network-infrastructure-automation.jsx 2020-10-12 19:20:48 -07:00
pcmccarron 61f62acc9a updating use case pages 2020-10-12 19:20:48 -07:00
pcmccarron 3d3a29c72d updating NIA use case page 2020-10-12 19:20:48 -07:00
Iryna Shustava 4ce6f918a9
Update compatibility matrix (#8928) 2020-10-12 18:03:54 -07:00
Iryna Shustava 482402c2de
docs: add Helm docs for openshift; also add other missing Helm docs (#8833) 2020-10-12 16:35:20 -07:00
Sabeen Syed 7339a13c30
Update a link and reword some sentences (#8925)
Update PANOS link
Update sentences
2020-10-12 17:40:01 -05:00
Ricardo Oliveira a1cf7889e5
Update service-defaults.mdx (#8780) 2020-10-09 13:43:52 -07:00
s-christoff 9bb348c6c7
Enhance the output of consul snapshot inspect (#8787) 2020-10-09 14:57:29 -05:00
Ashwin Venkatesh 79fc29788a Initial docs commit 2020-10-09 15:54:15 -04:00
Kit Patella 00fc6fbf6c
Merge pull request #8913 from hashicorp/mkcp/docs/add-missing-options
adds missing options.mdx entry for telemetry {disable_compat_1.9}
2020-10-09 12:35:46 -07:00
Kit Patella 3c45459302 adds missing options.mdx entry for telemetry {disable_compat_1.9} 2020-10-09 12:29:40 -07:00
Blake Covarrubias 4c83ad3e02
doc: Update acl-method command example (#8845)
* Update acl-method command example

* add tailing backtick
2020-10-09 12:26:14 -07:00
Kim Ngo 05485619fd
Minor updates to NIA partner docs (#8912)
* Renames Terraform module registry to its new name Terraform Registry
2020-10-09 14:16:45 -05:00
Sabeen Syed bd7433c808
Docs: Nia/docs tech preview (#8908)
* Add outline and basic content for Tech Preview docs
* Add Tech Preview tag
* Add auto-labler for Consul Terrform Sync
* Add Consul Terraform Sync config docs (#8837)
* CLI Docs for Consul Terraform Sync
* Task Docs for Consul Terraform Sync
* Add docs for NIA Terraform driver (#8871)
* Update Installation Docs for Consul Terraform Sync
* Initial high level architecture overview (#8872)
* Docs: compatible Terraform modules for Consul-Terraform-Sync (#8887)
* Update Requirements Docs for Consul Terraform Sync
* Remove empty partner module sections
2020-10-09 13:37:20 -05:00
Daniel Nephin ea77eccb14
Merge pull request #8825 from hashicorp/streaming/add-config
streaming: add config and docs
2020-10-09 14:33:58 -04:00
Sabeen Syed 650eefe81a
Docs: Nia/docs partner integration (#8907)
* Add NIA Integration Program page
* Update name to Consul-Terraform-Sync and add Tech Preview tags
* Update diagram to include sequence numbers
* Remove Tech Preview tags and Update Images
* Add TF module naming convention, update image and links
* Add a note, update PANW link, and working updates
* Update URLs to local path
2020-10-09 13:22:18 -05:00
Daniel Nephin e7d505dc33 config: add field for enabling streaming in the client
agent: register the new streaming cache-type
2020-10-09 14:11:34 -04:00
Jimmy Merritello c2c3bdb377
[Website] Add HashiStackMenu to website (#8854)
* Add new HashiStackMenu

* Add transpile option

* Bump version

* Bump HSM version and rm meganav styles
2020-10-09 10:48:21 -05:00
Matt Keeler 8f890bc027
Add capability for the v1/connect/ca/roots endpoint to return a PEM encoded certificate chain (#8774)
Co-authored-by: R.B. Boyer <rb@hashicorp.com>
2020-10-09 10:43:33 -04:00
R.B. Boyer 2ec7d09381
website: re-add forgotten updates (#8890) 2020-10-08 15:33:51 -05:00
Kit Patella adeabf2399
Merge pull request #8877 from hashicorp/mkcp/telemetry/consul.api.http
Add flag for disabling 1.9 metrics backwards compatibility and warnings when set to default
2020-10-08 13:22:37 -07:00
Kit Patella f916b72ee7
Update telemetry.mdx
Make `consul.http...` have an ellipsis rather than just two dots to denote that there's a lot of different metrics under that path.
2020-10-08 13:20:43 -07:00
Matt Keeler 38f5ddce2a
Add per-agent reconnect timeouts (#8781)
This allows for client agent to be run in a more stateless manner where they may be abruptly terminated and not expected to come back. If advertising a per-agent reconnect timeout using the advertise_reconnect_timeout configuration when that agent leaves, other agents will wait only that amount of time for the agent to come back before reaping it.

This has the advantageous side effect of causing servers to deregister the node/services/checks for that agent sooner than if the global reconnect_timeout was used.
2020-10-08 15:02:19 -04:00
Daniel Nephin b93577c94f config: add field for enabling streaming RPC endpoint 2020-10-08 12:11:20 -04:00
Ryan Ooi c80b048111 Update acl-method command example 2020-10-07 06:44:24 +08:00
Iryna Shustava a7db965dc3
docs: Add missing helm docs and make link anchors consistent (#8808) 2020-10-05 10:02:04 -07:00
Kit Patella 06c3509e49 add doc entry for new metric consul.api.http, mark consul.http.. as deprecated in 1.9 2020-10-02 14:02:52 -07:00
Kit Patella 52451cf846
Merge pull request #8271 from coignetp/http-metrics-label
Use method and path as labels for http metrics
2020-10-02 13:41:48 -07:00
Luke Kysow 6abc6a293c
Update k8s upgrade docs (#8789)
* Update k8s upgrade docs
2020-10-01 14:36:15 -07:00
R.B. Boyer 9801ef8eb1
agent: enable enable_central_service_config by default (#8746) 2020-10-01 09:19:14 -05:00
Chris Piraino 97d39505ef
docs: specify what version usage metrics were added in (#8767) 2020-09-28 16:33:02 -05:00
Kit Patella eb8dad4383
Fix typos in telemetry.mdx 2020-09-28 13:50:11 -07:00
Michael Hofer ea0b56486b
Fix typo in Service Discovery/Services documentation 2020-09-25 10:36:32 +02:00
Petrik van der Velde 069d56797f
Improve the Azure cloud auto join documentation (#8530)
* Update the Azure cloud auto join documentation with more explicit information on how to configure the infrastructure.
* Add a note regarding the length of time taken for Azure to sync the MSI permissions.
* Update references from tag_name to tag_key in the Azure examples
Co-authored-by: Jono Sosulska <42216911+jsosulska@users.noreply.github.com>
2020-09-24 22:41:26 -04:00
Joel Watson c5301b98ac
Merge pull request #8678 from hashicorp/watsonian/upgrade-docs
docs: Add documentation for large version jump upgrades
2020-09-24 16:49:16 -05:00